[ https://issues.apache.org/jira/browse/CLOUDSTACK-6747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14043397#comment-14043397 ]

Daan Hoogland commented on CLOUDSTACK-6747:
-------------------------------------------

Fix seems simple: create a more forgiving check and use that instead of the 
validGuestCidrList check.

Will fix for master, but as we ran into this as well we might put effort into 
backporting.

Increased level to major as this is counterintuitive and restrictive on the 
functionality of ACS.

> Allowing non rfc1918 networks on the other end of VPC Site 2 Site VPN
> ---------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6747
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6747
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public (Anyone can view this level - this is the default.)
>          Components: Management Server, Network Controller, Virtual Router
>    Affects Versions: 4.2.0, 4.3.0
>            Reporter: Erik Weber
>            Assignee: Daan Hoogland
>             Fix For: Future
>
>
> When you configure a Site 2 Site VPN Customer gateway the other end from 
> CloudStack point of view is not allowed to be outside rfc1918 address scope.
> There are use cases where the client / remote networks use official/public 
> addresses and you want to encrypt / secure the traffic with VPN.
> Log excerpt:
> 2014-05-21 12:30:42,326 WARN  [c.c.u.n.NetUtils] (API-Job-Executor-7:job-3072 ctx-bf3922b1) cidr 50.0.1.0/24 is not RFC 1918 compliant
> 2014-05-21 12:30:42,335 ERROR [c.c.a.ApiAsyncJobDispatcher] (API-Job-Executor-7:job-3072) Unexpected exception while executing org.apache.cloudstack.api.command.user.vpn.CreateVpnCustomerGatewayCmd
> com.cloud.exception.InvalidParameterValueException: The customer gateway guest cidr list 50.0.1.0/24 is invalid guest cidr!
> at com.cloud.network.vpn.Site2SiteVpnManagerImpl.createCustomerGateway(Site2SiteVpnManagerImpl.java:176)
> Expected behavior is that guest cidr should be allowed as long as it's a 
> valid cidr, including if it's outside of RFC1918



--
This message was sent by Atlassian JIRA
(v6.2#6252)
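
The difference between the strict RFC 1918 check and the "more forgiving check" discussed in this issue, as an added example that is not CloudStack's code or part of the original message. The class and method names are hypothetical, and only IPv4 is handled.

```java
import java.util.List;

// Added illustration; names are hypothetical, not CloudStack's NetUtils API.
public class GuestCidrCheck {
    // RFC 1918 private blocks as {network address, prefix length}.
    private static final long[][] RFC1918 = {
        {ip("10.0.0.0"), 8}, {ip("172.16.0.0"), 12}, {ip("192.168.0.0"), 16}
    };

    /** Dotted-quad IPv4 to an unsigned 32-bit value; throws on malformed input. */
    static long ip(String s) {
        String[] parts = s.split("\\.", -1);
        if (parts.length != 4) throw new IllegalArgumentException("bad IPv4: " + s);
        long v = 0;
        for (String p : parts) {
            if (!p.matches("\\d{1,3}")) throw new IllegalArgumentException("bad octet: " + s);
            int o = Integer.parseInt(p);
            if (o > 255) throw new IllegalArgumentException("bad octet: " + s);
            v = (v << 8) | o;
        }
        return v;
    }

    /** Parses "a.b.c.d/len" into {address, prefix length}; null if malformed. */
    static long[] parse(String cidr) {
        String[] t = cidr.trim().split("/", -1);
        if (t.length != 2 || !t[1].matches("\\d{1,2}")) return null;
        int len = Integer.parseInt(t[1]);
        if (len > 32) return null;
        try { return new long[] {ip(t[0]), len}; }
        catch (IllegalArgumentException e) { return null; }
    }

    static long mask(long len) { return len == 0 ? 0 : (0xFFFFFFFFL << (32 - len)) & 0xFFFFFFFFL; }

    /** Forgiving check: any well-formed IPv4 CIDR is accepted, public or private. */
    static boolean isValidCidr(String cidr) { return parse(cidr) != null; }

    /** Strict check: well-formed and fully contained in one RFC 1918 block. */
    static boolean isRfc1918Cidr(String cidr) {
        long[] c = parse(cidr);
        if (c == null) return false;
        for (long[] b : RFC1918)
            if (c[1] >= b[1] && (c[0] & mask(b[1])) == b[0]) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed inputs; 50.0.1.0/24 is the CIDR from the log excerpt above.
        for (String c : List.of("50.0.1.0/24", "10.1.0.0/16", "172.32.0.0/16", "50.0.1.0/33", "50.0.1/24"))
            System.out.printf("%-15s strict=%-5b forgiving=%b%n", c, isRfc1918Cidr(c), isValidCidr(c));
    }
}
```

The forgiving check still rejects malformed input such as an out-of-range prefix length or a truncated address, so relaxing the RFC 1918 requirement does not mean skipping validation.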
